The application or DLL "XXXX" is not a valid Windows Image.

First off, MANY THANKS!!! I'm pretty sure I have eliminated Personal Guard 2009 after reading instructions here at the GP forums. Wow, that thing gave me fits.

Now somewhere in the process I acquired another problem. It seems like every .exe file that gets executed brings about the error message "The application or DLL "XXXX" is not a valid Windows Image. Please check this against your installation diskette."

If I click on "ok" or the window close "x" in the upper right hand corner the message for that .exe goes away and the program loads and runs like always.

During the time that the computer boots up I must have to click "ok" 30 times or so and then once windows is running it is required for every program I open.

I'd be greatfull if you could help me resolve this problem

Windows XP operating system.

Please download exeHelper from one of the two links.
Link 1
Link 2

• Double-click on exeHelper.com or exeHelper.scr to run the fix.
  
• A black window should pop up, press any key to close once the fix is completed.
  
• Post the contents of log.txt (Will be created in the directory where you ran exeHelper.com)
  

Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).

OK, ran exehelper. Did not get "Error deleting file" so here is the log.txt.

Thanks for your help.

exeHelper by Raktor
Build 20091122
Run at 21:21:52 on 11/30/09
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--

In addition to the "not a valid windows image" issue I also have popups, including one for Registry Defender.

Here is a Hijack This log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:48:48 AM, on 12/1/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\system32\gearsec.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\NeatReceipts Professional\exec\NeatReceiptsAutoBackup.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\SM1BG.EXE
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\MMDiag.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Creative\Diagnostics\diagent.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Microsoft SQL Server\MSSQL$NR2005\Binn\sqlservr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Dave\My Documents\Downloads\winlogon.scr

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
R3 - URLSearchHook: (no name) - _{707E6F76-9FFB-4920-A976-EA101271BC25} - (no file)
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Ink Monitor] C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Media Codec Update Service] C:\Program Files\Essentials Codec Pack\update.exe -silent
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [zedaleyuz] Rundll32.exe "c:\windows\system32\yepagone.dll",a
O4 - HKLM\..\RunOnce: [AOLRebootNeeded] regsvr32.exe /s
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Dave\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\E_SRCV02.EXE
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 4.0\resources\en-US\local\search.html
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\WINDOWS\System32\shdocvw.dll (HKCU)
O16 - DPF: {01111E00-3E00-11D2-8470-0060089874ED} (Support.com SmartIssue) - http://support.charter.com/sdccommon/download/tgctlsi.cab
O16 - DPF: {01111F00-3E00-11D2-8470-0060089874ED} (Support.com Installer) - http://support.charter.com/sdccommon/download/tgctlins.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://support.charter.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1E2941E3-8E63-11D4-9D5A-00902742D6E0} (iNotes Class) - https://emerald.employee.com/http://usabhma11.mail.gm.com/iNotes.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20030530/qtinstall.info.apple.com/bonnie/us/win/QuickTimeInstaller.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,76/mcinsctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1152452282421
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,16/mcgdmgr.cab
O20 - AppInit_DLLs: yeyanido.dll c:\windows\system32\zomomezo.dll c:\windows\system32\juzoteji.dll c:\windows\system32\repozuyi.dll c:\windows\system32\rutetujo.dll c:\windows\ c:\windows\ c:\windows\system32\yepagone.dll
O21 - SSODL: zawupufub - {6e4e9c2c-1e9d-474f-98fc-ab5317dcaf3a} - c:\windows\system32\zomomezo.dll (file missing)
O21 - SSODL: gitutomig - {07b6b5f5-9670-4335-b06f-313b7b9466e4} - c:\windows\system32\yibabofi.dll (file missing)
O21 - SSODL: hifasiliw - {0bc6ed3d-dda9-4511-a291-c239a1198ec9} - (no file)
O21 - SSODL: habigopul - {6977d4d7-d086-44c0-a929-4b87d4b87511} - c:\windows\system32\putamusu.dll (file missing)
O21 - SSODL: noyipesiy - {1be8c8fb-215b-4da6-ad21-acebcb6bb8e0} - c:\windows\system32\pewafahu.dll (file missing)
O21 - SSODL: batanosob - {fedc726d-7a38-4d3e-8f0d-c41a65a8ca4e} - c:\windows\system32\ronogiga.dll (file missing)
O21 - SSODL: giragiwed - {239ef313-01e1-41aa-9c98-48e3ee5feb2f} - c:\windows\system32\zomomezo.dll (file missing)
O21 - SSODL: mayanugab - {60ecd563-4936-4bd8-8dfc-dab6fa64e97c} - c:\windows\system32\bebuviza.dll (file missing)
O21 - SSODL: sumayilof - {042d1e9e-f1f0-437a-af2b-f7cbcd4fddea} - c:\windows\system32\putamusu.dll (file missing)
O21 - SSODL: kelifuham - {f4e52388-e4ad-4b99-8aea-11e6c13e98c7} - c:\windows\system32\sofosepe.dll (file missing)
O21 - SSODL: fiyoluhib - {410960a1-1c22-4736-9486-e4e206380b98} - c:\windows\system32\repozuyi.dll (file missing)
O21 - SSODL: tugudijub - {0810067c-ab2b-4fdc-9af8-5c5cf25a223d} - c:\windows\system32\zomomezo.dll (file missing)
O21 - SSODL: dilegamik - {ec5d26e3-6a74-42b4-9178-26b82f231341} - c:\windows\system32\repozuyi.dll (file missing)
O21 - SSODL: gozokizik - {e3051d2d-7a9f-4754-b093-f8d0ad76a66d} - c:\windows\system32\rutetujo.dll
O21 - SSODL: tifonetob - {b8108f72-c727-4800-80cc-a10dcf6e7b6e} - c:\windows\system32\yepagone.dll
O22 - SharedTaskScheduler: tokatiluy - {6e4e9c2c-1e9d-474f-98fc-ab5317dcaf3a} - c:\windows\system32\zomomezo.dll (file missing)
O22 - SharedTaskScheduler: gahurihor - {07b6b5f5-9670-4335-b06f-313b7b9466e4} - c:\windows\system32\yibabofi.dll (file missing)
O22 - SharedTaskScheduler: gahurihor - {0bc6ed3d-dda9-4511-a291-c239a1198ec9} - (no file)
O22 - SharedTaskScheduler: tokatiluy - {6977d4d7-d086-44c0-a929-4b87d4b87511} - c:\windows\system32\putamusu.dll (file missing)
O22 - SharedTaskScheduler: jugezatag - {1be8c8fb-215b-4da6-ad21-acebcb6bb8e0} - c:\windows\system32\pewafahu.dll (file missing)
O22 - SharedTaskScheduler: tokatiluy - {fedc726d-7a38-4d3e-8f0d-c41a65a8ca4e} - c:\windows\system32\ronogiga.dll (file missing)
O22 - SharedTaskScheduler: gahurihor - {239ef313-01e1-41aa-9c98-48e3ee5feb2f} - c:\windows\system32\zomomezo.dll (file missing)
O22 - SharedTaskScheduler: tokatiluy - {60ecd563-4936-4bd8-8dfc-dab6fa64e97c} - c:\windows\system32\bebuviza.dll (file missing)
O22 - SharedTaskScheduler: kupuhivus - {042d1e9e-f1f0-437a-af2b-f7cbcd4fddea} - c:\windows\system32\putamusu.dll (file missing)
O22 - SharedTaskScheduler: mujuzedij - {f4e52388-e4ad-4b99-8aea-11e6c13e98c7} - c:\windows\system32\sofosepe.dll (file missing)
O22 - SharedTaskScheduler: gahurihor - {410960a1-1c22-4736-9486-e4e206380b98} - c:\windows\system32\repozuyi.dll (file missing)
O22 - SharedTaskScheduler: kupuhivus - {0810067c-ab2b-4fdc-9af8-5c5cf25a223d} - c:\windows\system32\zomomezo.dll (file missing)
O22 - SharedTaskScheduler: gahurihor - {ec5d26e3-6a74-42b4-9178-26b82f231341} - c:\windows\system32\repozuyi.dll (file missing)
O22 - SharedTaskScheduler: jugezatag - {e3051d2d-7a9f-4754-b093-f8d0ad76a66d} - c:\windows\system32\rutetujo.dll
O22 - SharedTaskScheduler: gahurihor - {b8108f72-c727-4800-80cc-a10dcf6e7b6e} - c:\windows\system32\yepagone.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\system32\gearsec.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NeatReceipts Auto Backup - Digital Business Processes - C:\Program Files\NeatReceipts Professional\exec\NeatReceiptsAutoBackup.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe (file missing)

--
End of file - 17443 bytes

Hello.

• Download combofix from here
  Link 1
  Link 2
  
  1. If you are using Firefox, make sure that your download settings are as follows:
  
  * Tools->Options->Main tab
  * Set to "Always ask me where to Save the files".
  
  2. During the download, rename Combofix to Combo-Fix as follows:
  
  
  
  
  
  3. It is important you rename Combofix during the download, but not after.
  4. Please do not rename Combofix to other names, but only to the one indicated.
  5. Close any open browsers.
  6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  
  
• We need to disable your local AV (Anti-virus) before running Combofix.
  
• See HERE for how to disable your AV.
  
• Double click on ComboFix.exe.
  
• Follow the prompts. NOTE:
  
• ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
  ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***
  
  **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.
  
  
  
• The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.
  
  
  
  
• Allow ComboFix to download the Recovery Console.
  
• Accept the End-User License Agreement.
  
• The Recovery Console will be installed.
  
• You will then get this next prompt that asks if you want to continue the malware scan, select yes
  
  
  
  
• Allow combofix to run
  
• Post C:\combofix.txt back here.
  
  Note:
  Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
  

Here's the Combofix log.

ComboFix 09-12-02.05 - Dave 12/02/2009 21:28.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.162 [GMT -5:00]
Running from: c:\documents and settings\Dave\Desktop\Combo-Fix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\TEMP\{CE3E6AA4-16A5-44e2-863D-32BA5178BC62}3
c:\windows\TEMP\{CE3E6AA4-16A5-44e2-863D-32BA5178BC62}4

.
((((((((((((((((((((((((( Files Created from 2009-11-03 to 2009-12-03 )))))))))))))))))))))))))))))))
.

2009-12-02 23:37 . 2009-12-02 23:37 -------- d-----w- c:\documents and settings\DWM\Application Data\Malwarebytes
2009-12-02 03:45 . 2009-12-03 02:24 -------- d-----w- C:\Combo-Fix3178C
2009-12-02 03:37 . 2009-12-02 03:39 -------- d-----w- C:\Combo-Fix
2009-12-01 12:07 . 2009-12-01 12:07 -------- d-----w- c:\program files\mwbam
2009-12-01 03:14 . 2009-12-01 03:13 6944624 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\aaw2008_upd.exe
2009-11-29 03:07 . 2009-11-29 03:07 -------- d-----w- c:\documents and settings\Dave\Application Data\Malwarebytes
2009-11-29 02:22 . 2009-09-10 19:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-29 02:22 . 2009-11-29 03:06 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-29 02:22 . 2009-11-29 02:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-11-29 02:22 . 2009-09-10 19:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-29 02:00 . 2009-11-29 02:00 -------- d-----w- c:\documents and settings\Dave\Application Data\AVG8
2009-11-28 22:51 . 2009-11-28 22:51 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-11-28 19:24 . 2009-11-28 19:24 17237488 ----a-w- c:\documents and settings\Dave\Application Data\Real\Update\setup\rp\RealPlayerSPGold.exe
2009-11-28 19:24 . 2009-11-28 19:24 8406648 ----a-w- c:\documents and settings\Dave\Application Data\Real\Update\setup\gtb_us\GOOGLE_TOOLBAR\GoogleToolbarInstaller.exe
2009-11-28 19:24 . 2009-11-28 19:24 10309448 ----a-w- c:\documents and settings\Dave\Application Data\Real\Update\setup\chr\ChromeInstaller.exe
2009-11-28 19:24 . 2009-11-28 19:24 64000 ----a-w- c:\documents and settings\Dave\Application Data\Real\Update\setup\RUP\inst_config\gcapi_dll.dll
2009-11-28 19:24 . 2009-11-28 19:24 52288 ----a-w- c:\documents and settings\Dave\Application Data\Real\Update\setup\RUP\inst_config\gtapi.dll
2009-11-28 19:24 . 2009-11-28 19:24 50688 ----a-w- c:\documents and settings\Dave\Application Data\Real\Update\setup\RUP\inst_config\fftbapi.dll
2009-11-28 19:24 . 2009-11-28 19:24 114688 ----a-w- c:\documents and settings\Dave\Application Data\Real\Update\setup\RUP\inst_config\compat.dll
2009-11-28 19:02 . 2009-11-29 23:06 79488 ----a-w- c:\documents and settings\Dave\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-11-25 18:57 . 2009-11-25 18:57 79488 ----a-w- c:\documents and settings\DWM\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-11-12 23:37 . 2009-11-12 23:37 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-02 18:21 . 2008-09-13 13:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-12-01 03:29 . 2007-12-15 15:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-12-01 03:27 . 2007-08-07 17:56 15648 ----a-w- c:\windows\system32\drivers\NSDriver.sys
2009-12-01 03:27 . 2007-08-07 17:58 15648 ----a-w- c:\windows\system32\drivers\AWRTRD.sys
2009-12-01 03:27 . 2007-07-11 18:37 12960 ----a-w- c:\windows\system32\drivers\AWRTPD.sys
2009-12-01 03:25 . 2004-08-08 12:37 -------- d-----w- c:\program files\Lavasoft
2009-12-01 03:14 . 2007-06-26 23:35 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-12-01 03:12 . 2007-11-24 00:44 -------- d-----w- c:\documents and settings\Dave\Application Data\Apple Computer
2009-12-01 02:52 . 2007-03-07 23:02 -------- d-----w- c:\program files\Common Files\AOL
2009-12-01 02:52 . 2007-03-07 23:05 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL
2009-11-29 14:58 . 2004-08-03 22:44 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-11-29 02:19 . 2003-01-07 15:59 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee.com
2009-11-29 00:00 . 2004-08-03 22:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-11-28 19:23 . 2008-03-21 12:04 488968 ----a-w- c:\documents and settings\Dave\Application Data\Real\Update\setup\setup.exe
2009-11-27 01:58 . 2009-04-04 23:27 -------- d-----w- c:\documents and settings\DWM\Application Data\FrostWire
2009-11-26 20:57 . 2009-04-04 23:56 4506256 ----a-w- c:\documents and settings\DWM\Application Data\FrostWire\.NetworkShare\LimeWireWin4.16.6.exe
2009-11-19 02:17 . 2008-08-17 11:10 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-11-12 23:38 . 2007-04-20 02:43 -------- d-----w- c:\program files\Picasa2
2009-11-08 19:37 . 2008-09-13 13:19 166552 ---ha-w- c:\windows\system32\mlfcache.dat
2009-11-08 18:43 . 2009-04-30 22:00 -------- d-----w- c:\program files\iTunes
2009-11-06 01:30 . 2008-01-06 23:39 -------- d-----w- c:\documents and settings\Tori\Application Data\Apple Computer
2009-11-06 01:30 . 2008-01-06 23:39 -------- d-----w- c:\docume~1\Tori\Application Data\Apple Computer
2009-10-26 20:13 . 2009-10-26 20:13 0 ----a-w- c:\documents and settings\DWM\ntuser.tmp
2009-09-20 14:04 . 2009-09-20 14:04 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.0.70\SetupAdmin.exe
2003-08-27 19:19 . 2005-02-21 12:23 36963 ------w- c:\program files\Common Files\SM1updtr.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-12-02_23.36.48 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-12-03 05:00 . 2009-12-03 05:00 16384 c:\windows\Temp\Perflib_Perfdata_a10.dat
+ 2009-12-03 03:32 . 2009-12-03 03:32 16384 c:\windows\Temp\Perflib_Perfdata_110.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-09-09 03:08 279944 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-09-09 279944]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-09-09 279944]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_8 -reboot 1" [X]
"Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 102400]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"Google Update"="c:\documents and settings\Dave\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-13 133104]
"EasyLinkAdvisor"="c:\program files\Linksys EasyLink Advisor\LinksysAgent.exe" [2007-03-15 454784]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"diagent"="c:\program files\Creative\Diagnostics\diagent.exe startup" [X]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2005-02-22 180269]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-04 148888]
"SM1BG"="c:\windows\SM1BG.EXE" [2003-08-27 94208]
"RoxioDragToDisc"="c:\program files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe" [2004-11-17 1691648]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"MimBoot"="c:\progra~1\MUSICM~1\MUSICM~1\mimboot.exe" [2006-01-19 11776]
"Microsoft Works Update Detection"="c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2001-08-17 28738]
"Ink Monitor"="c:\program files\EPSON\Ink Monitor\InkMonitor.exe" [2001-12-07 258118]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2002-09-25 290816]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
"Media Codec Update Service"="c:\program files\Essentials Codec Pack\update.exe" [2007-04-08 303104]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-09 305440]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"BCMSMMSG"="BCMSMMSG.exe" - c:\windows\BCMSMMSG.exe [2002-05-17 65536]
"ATIModeChange"="Ati2mdxx.exe" - c:\windows\SYSTEM32\Ati2mdxx.exe [2001-09-04 28672]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-08-21 443968]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

c:\documents and settings\Guest\Start Menu\Programs\Startup\
PowerReg Scheduler V3.exe [2009-2-16 225280]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2003-1-7 45056]
EPSON Status Monitor 3 Environment Check 2.lnk - c:\windows\SYSTEM32\SPOOL\DRIVERS\W32X86\3\E_SRCV02.EXE [2003-1-13 131584]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /r \??\p:\0autocheck autochk *\0lsdelete

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\DC++\\DCPlusPlus.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Roxio\\Easy Media Creator 7\\VideoWave\\VideoWave7.exe"=
"c:\\Program Files\\DC++306\\DCPlusPlus.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\WINDOWS\\SYSTEM32\\dpvsetup.exe"=
"c:\\WINDOWS\\SYSTEM32\\dxdiag.exe"=
"c:\\WINDOWS\\SYSTEM32\\dpnsvr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\SYSTEM32\\SPOOL\\DRIVERS\\W32X86\\3\\E_DPPE03.EXE"=
"c:\\WINDOWS\\BCMSMMSG.exe"=
"c:\\WINDOWS\\SYSTEM32\\imapi.exe"=
"c:\\Program Files\\DellSupport\\DSAgnt.exe"=
"c:\\Program Files\\Microsoft Office\\OFFICE11\\WINWORD.EXE"=

R2 NeatReceipts Auto Backup;NeatReceipts Auto Backup;c:\program files\NeatReceipts Professional\exec\NeatReceiptsAutoBackup.exe [9/22/2007 8:24 AM 30320]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [10/15/2007 6:31 AM 24652]
R3 MSSQL$NR2005;MSSQL$NR2005;c:\program files\Microsoft SQL Server\MSSQL$NR2005\Binn\sqlservr.exe -sNR2005 --> c:\program files\Microsoft SQL Server\MSSQL$NR2005\Binn\sqlservr.exe -sNR2005 [?]
S1 efbDisk;efbDisk; [x]
S3 FTD2XX;Nike Coach USBLink Direct Device;c:\windows\SYSTEM32\DRIVERS\FTD2XX.sys [8/2/2002 10:52 AM 23750]
S3 SQLAgent$NR2005;SQLAgent$NR2005;c:\program files\Microsoft SQL Server\MSSQL$NR2005\Binn\sqlagent.EXE -i NR2005 --> c:\program files\Microsoft SQL Server\MSSQL$NR2005\Binn\sqlagent.EXE -i NR2005 [?]
.
Contents of the 'Scheduled Tasks' folder

2009-11-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 17:34]

2009-12-03 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-04-20 12:32]

2009-12-03 c:\windows\Tasks\RoxioUpdator.job
- c:\program files\Common Files\Roxio Shared\Autoupdater\autoupdater.exe [2004-11-17 14:13]
.
.
------- Supplementary Scan -------
.
uDefault_Search_URL = hxxp://search.msn.com
uSearchMigratedDefaultURL = hxxp://msxml.excite.com/info.xcite/search/web/{searchTerms}/1/-/1/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/417/top
mSearch Bar = about:blank
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 4.0\resources\en-US\local\search.html
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
Trusted Zone: turbotax.com
Trusted Zone: musicmatch.com\online
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Dave\Application Data\Mozilla\Firefox\Profiles\u5pukhjz.default\
FF - prefs.js: browser.startup.homepage - hxxp://abcnews.go.com/
FF - plugin: c:\documents and settings\Dave\Local Settings\Application Data\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPAdbESD.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Picasa2\npPicasa2.dll
FF - plugin: c:\program files\Picasa2\npPicasa3.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: c:\windows\system32\npmirage.dll
FF - plugin: c:\windows\system32\npwmsdrm.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-03 00:03
Windows 5.1.2600 Service Pack 2 NTFS

scanning hȋdden processes ...

scanning hȋdden autostart entries ...

scanning hȋdden files ...

scan completed successfully
hȋdden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3612)
c:\program files\Windows Media Player\wmpband.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Roxio\Easy Media Creator 7\Drag to Disc\Shellex.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Microsoft Office\OFFICE11\msohev.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\System32\Ati2evxx.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\System32\CTsvcCDA.exe
c:\program files\Common Files\EPSON\EBAPI\SAgent2.exe
c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\wanmpsvc.exe
c:\windows\System32\MsPMSPSv.exe
c:\program files\Microsoft SQL Server\MSSQL$NR2005\Binn\sqlservr.exe
c:\windows\system32\wscntfy.exe
c:\progra~1\MUSICM~1\MUSICM~1\MMDiag.exe
c:\program files\Creative\Diagnostics\diagent.exe
c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
c:\windows\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-12-03 00:57 - machine was rebooted
ComboFix-quarantined-files.txt 2009-12-03 05:56
ComboFix2.txt 2009-12-03 00:30

Pre-Run: 23,858,524,160 bytes free
Post-Run: 23,892,901,888 bytes free

- - End Of File - - 55E4F50CD41168563D54EF089A3F1C1E

How is the machine now?

Really Good. No observed problems. No Personal Guard 2009. No error messages for every dll or exe. No popups for registry defender, etc. I'd say you really know what you're doing! Thank You and nice work.

A small token of my appreciation is on it's way!

We need to make a new restore point.

To turn off System Restore, follow these steps:
1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Click the Turn off System Restore check box (or the Turn off System Restore on all drives check box), and then click OK.
4. Click Yes when you receive the prompt to the turn off System Restore.

Now we need to make a new restore point.
To turn on System Restore, follow these steps:
1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Click the Turn off System Restore check box (To turn on System Restore), and then click OK.

Below I have included a number of recommendations for how to protect your computer in order to prevent future malware infections. Please take these recommendations seriously; these few simple steps can stave off the vast majority of spyware problems. As happy as we are to help you, for your sake we would rather not have repeat customers.

1) Please navigate to http://windowsupdate.microsoft.com and download all the "critical updates" for Windows. This can patch many of the security holes through which attackers can gain access to your computer.

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates , or get into the habit of checking for Windows updates regularly. I cannot stress enough how important this is.

2) In order to protect yourself against spyware, you should consider installing and running the following free programs:

Ad-Aware SE
A tutorial on using Ad-Aware to remove spyware from your computer may be found here.

Spybot-Search & Destroy
A tutorial on using Spybot to remove spyware from your computer may be found here. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features.

SpywareBlaster
A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found here.

SpywareGuard
A tutorial on using SpywareGuard for realtime protection against spyware and hijackers may be found here.

Make sure to keep these programs up-to-date and to run them regularly, as this can prevent a great deal of spyware hassle.

3) Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in popup blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here:
http://www.mozilla.org/products/firefox/
I also recommand the following add-ons for Firefox, they will help keep you safe from malicious scripts or activeX exploits.
https://addons.mozilla.org/en-US/firefox/addon/722
https://addons.mozilla.org/en-US/firefox/addon/1865
https://addons.mozilla.org/en-US/firefox/addon/433

4) Also make sure to run your antivirus software regularly, and to keep it up-to-date.

To help you keep your software updated, please considering using this free software program that will check for program updates.
Update Checker

5) Finally, consider maintaining a firewall. Some good free firewalls are Kerio, or
Outpost
A tutorial on understanding and using firewalls may be found here.

Please also read Tony Klein's excellent article: How I got Infected in the First Place

If you would take a moment to fill out our feedback form, we would appreciate it.
The link can be found here.

Hopefully this should take care of your problems! Good luck.